Key corruption: duplicate signatures and usage flags
Justus Winter
justus at g10code.com
Thu Jun 22 17:00:03 CEST 2017
martin f krafft <madduck at madduck.net> writes:
> [ Unknown signature status ]
> Hey Justus, thanks for writing in. Here are the answers you wanted:
>
>> gpg --version please?
>
> 2.1.18
>
>> > So far, so good. Do note the [SC] usage flags.
>>
>> What are the capabilities of your primary key supposed to be?
>
> There were [SC] when I created it, but I've recently changed to
> a signing subkey and removed the flag from the primary key.
Interesting. Thanks for clarifying.
>> > key 55C9882D999BBCC4:
>> > 24 duplicate signatures removed
>> >
>> > That's a bit weird. Where do these come from?
>>
>> Not sure, but anyone can append stuff to your key on the keyservers.
>> Maybe some faulty software reordered the packages and uploaded it?
>
> Yeah could be. And while there's no way this can be fixed, it also
> doesn't really harm, does it?
No, it does (should) not harm. Future versions of GnuPG will check and
clean keys automatically when (re-)fetching them from keyservers.
Justus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: </pipermail/attachments/20170622/0db111b8/attachment.sig>
More information about the Gnupg-users
mailing list